ECC Class
The ECC (Elliptic Curve Cryptography) component implements ECDSA (Elliptic Curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie Hellman) operations.
Class Name
IPWorksEncrypt_ECC
Procedural Interface
ipworksencrypt_ecc_open();
ipworksencrypt_ecc_close($res);
ipworksencrypt_ecc_register_callback($res, $id, $function);
ipworksencrypt_ecc_get_last_error($res);
ipworksencrypt_ecc_get_last_error_code($res);
ipworksencrypt_ecc_set($res, $id, $index, $value);
ipworksencrypt_ecc_get($res, $id, $index);
ipworksencrypt_ecc_do_computesecret($res);
ipworksencrypt_ecc_do_config($res, $configurationstring);
ipworksencrypt_ecc_do_createkey($res);
ipworksencrypt_ecc_do_reset($res);
ipworksencrypt_ecc_do_sign($res);
ipworksencrypt_ecc_do_verifysignature($res);
Remarks
The ECC (Elliptic Curve Cryptography) class implements ECDSA (Elliptic Curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie Hellman) operations.
To begin, first call CreateKey to create a new ECC key if necessary.
An ECC key is made up of a number of individual parameters. When calling CreateKey the Key* properties are populated with a new private and public key.
After calling Sign the public key must be sent to the recipient along with HashSignature so they may perform signature verification. Likewise you must obtain the public key along with HashSignature in order to perform signature verification.
The public key consists of the following parameters:
The class also includes the KeyPublicKey property, which holds the PEM formatted public key for ease of use. This is helpful if you are in control of both sides of the encryption/signing and decryption/signature verification process. When sending the public key to a recipient, note that not all implementations support the PEM formatted value in KeyPublicKey; in that case the individual parameters must be sent.
The private key consists of one value:
The class also includes the KeyPrivateKey property, which holds the PEM formatted private key for ease of use. This is helpful for storing the private key more easily.
ECDH Operations
The class supports computing a shared secret using ECDH. To compute a shared secret, first set the RecipientKey* properties to the other party's public key. Then optionally set KeyDerivationFunction to the desired key derivation function. Finally, call ComputeSecret to compute the shared secret. The SharedSecret property will be populated with the computed secret.
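The ECDH exchange described above, shown from both parties' sides as an added example that is not part of this documentation and does not use the IPWorksEncrypt_ECC class: it uses PHP's OpenSSL extension (PHP 7.3 or later). The P-256 curve, the party names and HKDF as the derivation step are assumptions made for the illustration; HKDF stands in for whatever KeyDerivationFunction is selected.

```php
<?php
// Added example: PHP OpenSSL extension, not the IPWorksEncrypt_ECC class.
// Curve, party names and the HKDF step are assumptions for illustration.

function new_ec_key($curve = 'prime256v1')
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_EC,
        'curve_name'       => $curve,
    ]);
    if ($key === false) {
        throw new RuntimeException('EC key generation failed');
    }
    return $key;
}

// Each party keeps its private key and hands out only the public half.
$alice = new_ec_key();
$bob   = new_ec_key();
$alicePublicPem = openssl_pkey_get_details($alice)['key'];
$bobPublicPem   = openssl_pkey_get_details($bob)['key'];

// Each side combines its own private key with the peer's public key.
// Both keys must be on the same curve or derivation fails.
$aliceSecret = openssl_pkey_derive($bobPublicPem, $alice);
$bobSecret   = openssl_pkey_derive($alicePublicPem, $bob);
if ($aliceSecret === false || $bobSecret === false) {
    throw new RuntimeException('ECDH derivation failed');
}

// Both sides now hold the same raw agreement; compare in constant time.
echo 'secrets match: ', var_export(hash_equals($aliceSecret, $bobSecret), true), "\n";

// The raw agreement is not used directly as a key: run it through a KDF
// with a context label so keys for different purposes never collide.
$sessionKey = hash_hkdf('sha256', $aliceSecret, 32, 'constructed-example-context');
echo strlen($aliceSecret), ' byte secret, ', strlen($sessionKey), " byte derived key\n";
```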
ECDSA Operations
The class supports creating and verifying hash signatures using ECDSA.
To begin set the Key* properties to a valid private key. To create a new private key simply call CreateKey.
Select the input file by setting InputFile or InputMessage. Next call Sign. The Sign method will automatically compute the hash, and then sign the hash with the specified key.
Send the public key (see CreateKey for details), file, and HashSignature to the recipient.
When verifying a hash signature specify an input file by setting InputFile or InputMessage. Set HashSignature to the received hash signature. Then set Key to the public key and call VerifySignature.
To sign a hash or verify a hash signature without recomputing the hash simply set HashValue to the pre-computed hash value before calling Sign or VerifySignature.
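The sign-and-verify flow above, together with the earlier remark that some recipients cannot use the PEM public key and need the individual parameters, as an added example that is not part of this documentation and does not use the IPWorksEncrypt_ECC class. It uses PHP's OpenSSL extension; the P-256 curve, SHA-256 and the message text are constructed assumptions, and the signature encoding is OpenSSL's own rather than the format of HashSignature, which this page does not specify.

```php
<?php
// Added example: PHP OpenSSL extension, not the IPWorksEncrypt_ECC class.
// Curve, hash algorithm and message are constructed assumptions.

// openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error).
// Only an exact 1 may be treated as a good signature.
function signature_ok($data, $signature, $publicKey)
{
    return openssl_verify($data, $signature, $publicKey, OPENSSL_ALGO_SHA256) === 1;
}

// Signer: create the key pair and sign; the hash is computed while signing.
$signer = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($signer === false) {
    throw new RuntimeException('EC key generation failed');
}
$message = 'constructed sample message';
if (!openssl_sign($message, $signature, $signer, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('signing failed');
}

// The same public key in both forms. The private value ('d') stays local.
$details   = openssl_pkey_get_details($signer);
$publicPem = $details['key'];
$params    = [
    'curve_name' => $details['ec']['curve_name'],
    'x'          => $details['ec']['x'],   // Rx as big-endian bytes
    'y'          => $details['ec']['y'],   // Ry as big-endian bytes
];

// One recipient accepts PEM; the other rebuilds the key from curve, Rx, Ry.
$fromPem    = openssl_pkey_get_public($publicPem);
$fromParams = openssl_pkey_new(['ec' => $params]);
if ($fromPem === false || $fromParams === false) {
    throw new RuntimeException('could not load public key');
}

foreach (['PEM' => $fromPem, 'curve+Rx+Ry' => $fromParams] as $form => $key) {
    printf("%-12s genuine=%s tampered=%s\n", $form,
        var_export(signature_ok($message, $signature, $key), true),
        var_export(signature_ok($message . '!', $signature, $key), true));
}
```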
Hash Notes
The class will determine whether or not to recompute the hash based on the properties that are set. If a file is specified by InputFile or InputMessage the hash will be recomputed when calling Sign or VerifySignature. If the HashValue property is set the class will only sign the hash or verify the hash signature. Setting InputFile or InputMessage clears the HashValue property. Setting the HashValue property clears the input file selection.
NOTE: This functionality is only available in Windows.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
HashAlgorithm | The hash algorithm used for hash computation. |
HashSignature | The hash signature. |
HashValue | The hash value of the data. |
InputFile | The file to process. |
InputMessage | The message to process. |
KeyCurve | Specifies the curve being used. |
KeyK | Represents the private key (K) parameter. |
KeyPrivateKey | This property is a PEM formatted private key. |
KeyPublicKey | This property is a PEM formatted public key. |
KeyRx | Represents the public key's Rx parameter. |
KeyRy | Represents the public key's Ry parameter. |
KeyDerivationFunction | The key derivation function. |
RecipientKeyCurve | Specifies the curve being used. |
RecipientKeyPublicKey | This property is a PEM formatted public key. |
RecipientKeyRx | Represents the public key's Rx parameter. |
RecipientKeyRy | Represents the public key's Ry parameter. |
SharedSecret | The computed shared secret. |
SignerKeyCurve | Specifies the curve being used. |
SignerKeyPublicKey | This property is a PEM formatted public key. |
SignerKeyRx | Represents the public key's Rx parameter. |
SignerKeyRy | Represents the public key's Ry parameter. |
UseHex | Whether HashValue and HashSignature are hex encoded. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
ComputeSecret | Computes a shared secret. |
Config | Sets or retrieves a configuration setting. |
CreateKey | Creates a new key. |
Reset | Resets the component. |
Sign | Creates a hash signature. |
VerifySignature | Verifies the signature for the specified data. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
Error | Information about errors during data delivery. |
Progress | Fired as progress is made. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
KeySize | The size, in bits, of the secret key. |
Curve | The elliptic curve. |
CNGECDSAKey | The CNG ECDSA key. |
CNGECDHKey | The CNG ECDH key. |
PrependSecret | An optional string to prepend to the secret agreement. |
AppendSecret | An optional string to append to the secret agreement. |
HMACKey | A key to use when generating a Hash-based Message Authentication Code (HMAC). |
TLSSeed | The TLS PRF Seed. |
TLSLabel | The TLS PRF label. |
CodePage | The system code page used for Unicode to Multibyte translations. |